Another Elasticsearch misconfiguration found by SecurityDiscovery. You can read about it here.
Month: June 2019
Australian National University data breach stretching back 19 years detected; Affects approximately 200,000
ABC in Australia reports: The Australian National University has been hit by a massive data hack, with unauthorised access to significant amounts of personal details dating back 19 years. A sophisticated operator accessed the ANU’s systems illegally in late 2018 but the breach was only detected two weeks ago, the university said in a statement….
Almost 100,000 Australians’ private details exposed in attack on Westpac’s PayID
Ben Grubb and Clancy Yeates report: The private details of almost 100,000 Australian bank customers have been exposed in a cyber attack on the real-time payments platform PayID, which allows the instant transfer of money between banks using either a mobile number or email address. The attack on Westpac, which also affects customers from other…
Ca: Weight Loss Grants posts customer health information without consent
Sean O’Shea reports: A company that promised to pay customers for losing weight has posted personal information about clients, including their names, weights, weight loss goals and even facial photographs on its website. Weight Loss Grants revealed the personal information without clients’ consent after news reports described how the organization failed to make payments to…
Report: Theta360 Leak Potentially Exposed Millions of Users’ Public and Private Photographs
VPNMentor reports that their research team has discovered that Theta360 inadvertently left users’ photos — even those intended to be private — exposed. The leak exposed at least 11 million public and private photographs. The data breach exposed thousands of users’ photos, many of whom chose to keep their images private. The breach did not expose…
Update on American Medical Collection Agency breach: Almost 12 million Quest Diagnostic patients impacted
On May 10, DataBreaches.net broke the story of a medical collection agency breach involving American Medical Collection Agency. The breach had been discovered by Gemini Advisory, who informed this site that they had found approximately 200,000 patients’ payment card info for sale on a well-known marketplace. The cards had apparently been compromised between September, 2018…